Key Points
- Delta is suing CrowdStrike over a faulty software update that led to a mass outage in July, costing Delta over $500 million.
- The outage affected Delta’s IT systems and triggered 7,000 flight cancellations, impacting 1.3 million passengers over five days.
- CrowdStrike claims Delta’s statements lack understanding of cybersecurity, deflecting from Delta’s alleged outdated IT infrastructure.
- The U.S. Department of Transportation investigates the incident’s causes and potential preventability.
Delta Air Lines has filed a lawsuit against cybersecurity firm CrowdStrike in Georgia state court, seeking damages following a massive software outage in July that led to widespread flight cancellations and travel disruptions for approximately 1.3 million customers. The outage reportedly cost Delta more than $500 million in direct losses. Filed in Fulton County Superior Court, the suit claims that CrowdStrike’s faulty software update on July 19 caused critical failures across Delta’s IT systems, halting operations and triggering flight cancellations worldwide.
According to Delta, the software update deployed by CrowdStrike — which provides cybersecurity software and services to Delta and other large companies — affected over 8.5 million Windows-based computers globally, resulting in system crashes. The airline states that the “untested and faulty” update forced major disruptions across industries, impacting banks, healthcare providers, media outlets, hospitality services, and the aviation sector. Delta’s lawsuit contends that CrowdStrike failed to properly test the software update, alleging that testing it on a single machine could have revealed the fault.
CrowdStrike responded by calling Delta’s claims unfounded, asserting that Delta’s statements reflect a misunderstanding of cybersecurity systems and a refusal to acknowledge its outdated IT infrastructure. “Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame,” the cybersecurity firm stated.
The impact on Delta was severe, with over 7,000 flight cancellations and disruptions across five days in July, affecting more than a million passengers and leaving Delta with significant out-of-pocket costs. In addition to the estimated $500 million in direct losses, Delta seeks further compensation for lost profits, reputational damage, future revenue loss, and legal expenses. The lawsuit highlights the critical nature of reliable IT infrastructure in the airline industry, with Delta noting that it has invested billions in advanced technology solutions.
In response to the incident, the U.S. Department of Transportation launched an investigation to examine the causes and potential preventability of the mass cancellations. A Delta spokesperson noted that while the airline has trusted CrowdStrike for cybersecurity support since 2022, the incident has prompted deeper scrutiny of third-party providers. Meanwhile, CrowdStrike has minimized its liability, pointing to Delta’s unique challenges during recovery and questioning why Delta faced greater impacts than other affected companies.
CrowdStrike’s senior vice president, Adam Meyers, testified before Congress last month, apologizing for the faulty update that caused widespread issues. Meyers confirmed that a content configuration update to CrowdStrike’s Falcon Sensor security software led to the disruptions, and he assured officials that CrowdStrike has implemented measures to prevent future occurrences.